Murky Panda, a China-nexus cyber threat group, has been conducting widespread espionage against government, tech, academic, legal, and professional sectors in North America since late 2024. Known for exploiting cloud environments and trusted relationships, the group poses a growing concern in state-sponsored cyber activity.
CrowdStrike highlights Murky Panda’s rapid use of n-day and zero-day vulnerabilities, often breaching systems via internet-facing appliances. Their operations focus on intelligence gathering, including email and document theft, while using advanced techniques to avoid detection such as timestamp manipulation and deleting forensic traces.
The group deploys tools such as the Neo-reGeorg web shell and the custom malware CloudedHope, and uses compromised small office/home office (SOHO) devices as operational infrastructure. Its standout tactic is exploiting cloud-based trust relationships, which allows lateral movement from a compromised SaaS provider to that provider's downstream customers.
Murky Panda has also targeted Microsoft cloud solution providers, gaining Global Admin access and establishing persistent backdoors through modified service principals and new user accounts. These actions reflect a deep understanding of cloud architecture and identity systems.
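As an added defender-side example, not from the article or from CrowdStrike, the Python below flags the cloud-identity persistence patterns the article names (credentials added to a service principal, and a newly created account granted Global Administrator, particularly when the acting identity belongs to an external partner tenant) in a batch of audit-log records. The records are constructed, and the field names and activity strings are assumptions loosely modelled on Microsoft Entra ID audit logs; map your tenant's export format onto them.

```python
# Added example: triage audit-log records for the persistence patterns
# described above. Field names are assumptions, not a real schema.
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator"}
TENANT_DOMAINS = {"victim.test"}  # assumed: domains owned by the tenant itself

SAMPLE_EVENTS = [  # constructed sample data, not real telemetry
    {"time": "2025-01-10T02:14:00Z", "activity": "Add service principal credentials",
     "actor": "partner-admin@example-csp.test", "target": "billing-sync-app"},
    {"time": "2025-01-10T02:20:00Z", "activity": "Add user",
     "actor": "partner-admin@example-csp.test", "target": "svc-backup@victim.test"},
    {"time": "2025-01-10T02:21:00Z", "activity": "Add member to role",
     "actor": "partner-admin@example-csp.test", "target": "svc-backup@victim.test",
     "role": "Global Administrator"},
    {"time": "2025-01-10T09:00:00Z", "activity": "Update user",
     "actor": "it-ops@victim.test", "target": "alice@victim.test"},
]


def is_external(actor: str) -> bool:
    """True when the acting identity's domain is not one of the tenant's own."""
    return actor.rsplit("@", 1)[-1].lower() not in TENANT_DOMAINS


def find_persistence_indicators(events):
    """Return (rule, target, actor, external_actor) tuples for analyst review.

    Events are processed in time order so that a role grant can be correlated
    with an account created earlier in the same batch.
    """
    findings = []
    created_users = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        activity, actor, target = ev["activity"], ev["actor"], ev["target"]
        if activity == "Add service principal credentials":
            # A new secret/certificate on an existing app is a classic backdoor.
            findings.append(("sp_credential_added", target, actor, is_external(actor)))
        elif activity == "Add user":
            created_users.add(target)
        elif activity == "Add member to role" and ev.get("role") in PRIVILEGED_ROLES:
            rule = ("new_user_given_privileged_role" if target in created_users
                    else "privileged_role_assigned")
            findings.append((rule, target, actor, is_external(actor)))
    return findings


if __name__ == "__main__":
    for finding in find_persistence_indicators(SAMPLE_EVENTS):
        print(finding)
```

Findings where the fourth field is True came from an identity outside the tenant, which is the delegated-partner path the article describes and deserves review even when the individual action looks routine.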